Hi Tommaso, I'm afraid I'm not at all familiar with the release process and am not sure what to do here. Can you simply retrace these steps and do it again correctly?
matt > On Mar 7, 2017, at 8:31 AM, Tommaso Teofili (JIRA) <[email protected]> wrote: > > > [ > https://issues.apache.org/jira/browse/JOSHUA-331?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15899440#comment-15899440 > ] > > Tommaso Teofili commented on JOSHUA-331: > ---------------------------------------- > > now all seems fine to me, one concern I have is that for RC3 I didn't have > .MD5 checksums in my target directory after having done _mvn release:prepare_ > and _mvn release:perform_ and therefore I took the ones from the staging repo > and copied them to _/dist_ assuming that they got generated using my key, > which of course was not the case. > How should we proceed there ? > > >> Address Apache Joshua 6.1 RC#3 Issues >> ------------------------------------- >> >> Key: JOSHUA-331 >> URL: https://issues.apache.org/jira/browse/JOSHUA-331 >> Project: Joshua >> Issue Type: Task >> Components: release >> Reporter: Tommaso Teofili >> Assignee: Tommaso Teofili >> Fix For: 6.1 >> >> >> Address the following issues: >> {quote} >> Every ASF release MUST contain one or more source packages, which MUST be >> sufficient for a user to build and test the release provided they have >> access to the appropriate platform and tools. - NO >> -Not building due to failing test (BerkleyLM failure). I'm digging a >> bit more into this. >> {quote} >> {quote} >> Every artifact distributed to the public through Apache channels MUST be >> accompanied by one file containing an OpenPGP compatible ASCII armored >> detached signature and another file containing an MD5 checksum. >> - .asc - NO >> I get warning: >> "gpg --verify joshua-incubating-6.1-src.tar.gz.asc >> joshua-incubating-6.1-src.tar.gz >> gpg: Signature made Thu Feb 23 09:15:17 2017 CET using RSA key ID >> 891768A5 >> gpg: Good signature from "Tommaso Teofili <[email protected]>" >> [unknown] >> gpg: WARNING: This key is not certified with a trusted signature! >> gpg: There is no indication that the signature belongs to the >> owner." >> - .md5 - NO >> My md5 of joshua-incubating-6.1-src.tar.gz is >> 504976876b01294811293aa45b5400f5, the joshua-incubating-6.1-src.tar.gz.md5 >> indicates it should be 22b738eeae45757715080702a5bd2789 >> - .sha - NO >> My sha of joshua-incubating-6.1-src.tar.gz is >> 4AB5BA24301590F36AE6452DACC3F21CBD8B3FEC, the >> joshua-incubating-6.1-src.tar.gz.md5 indicates it should be >> 2a55b6d341dddc5369b22a4802a86ec40accd0a1 >> - KEYS - YES >> {quote} > > > > -- > This message was sent by Atlassian JIRA > (v6.3.15#6346)
